CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,461 vulnerabilities with CWE-79
CVE-2024-43985 MEDIUM
Bus Ticket Booking with Seat Reservation <= 5.3.5 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-43977 MEDIUM
The Plus Addons for Elementor Page Builder Lite <= 5.6.2 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2024-43938 MEDIUM
Jeroen Peters Name Directory <1.29.0 - XSS
CVSS 6.5
CVE-2024-8907 MEDIUM
Google Chrome < 129.0.6668.58 - Cross-Site Scripting via Omnibox UI Gestures
CVSS 6.1
CVE-2024-46976 MEDIUM
Backstage < 1.10.13 - Stored Cross-Site Scripting in TechDocs Content
CVSS 6.5
CVE-2024-8951 LOW
SourceCodester Resort Reservation System 1.0 - Cross-Site Scripting via manage_fee.php toview Parameter
CVSS 3.5
CVE-2024-45812 MEDIUM
Vite 3.2.11-4.5.5, 5.0.0-5.2.14, 5.3.0-5.3.6, 5.4.0-5.4.6 - XSS via DOM Clobbering in cjs/iife/umd
CVSS 6.4
CVE-2024-8660 MEDIUM
Concrete CMS 9.0.0-9.3.3 - Stored Cross-Site Scripting in Top Navigator Bar Block
CVSS 4.8
CVE-2024-45803 MEDIUM
wireui < 1.19.3 - Cross-Site Scripting via Button Label Parameter
CVSS 6.1
CVE-2024-38380 MEDIUM
Millbeckcommunications ProRoute H685T-W Firmware - Reflected XSS
CVSS 5.5
CVE-2024-38860 MEDIUM
Checkmk - Cross-Site Scripting via Malicious Links
CVSS 6.1
CVE-2024-7873 CRITICAL
Veribilim Software Veribase Order <4.010.3 - XSS
CVE-2024-5170 MEDIUM
Logo Manager For Enamad WordPress <0.7.1 - XSS
CVSS 4.8
CVE-2024-40857 MEDIUM
Safari < 18 - Universal Cross-Site Scripting
CVSS 6.1
CVE-2024-40846 MEDIUM
macOS < 14.7 - Denial of Service via Maliciously Crafted Video File
CVSS 5.5
CVE-2024-40845 MEDIUM
macOS < 14.7 - Denial of Service via Malicious Video File Processing
CVSS 5.5
CVE-2024-45800 MEDIUM
Snappymail < 2.38.0 - Stored Cross-Site Scripting via HTML Sanitization Bypass
CVSS 5.0
CVE-2024-45799 HIGH
FluxCP < 1.3.0 - Stored Cross-Site Scripting via Shop Names
CVSS 7.3
CVE-2024-39910 MEDIUM
decidim < 0.27.7 - Stored Cross-Site Scripting via QuillJS WYSIWYG Editor
CVSS 5.4
CVE-2024-32034 MEDIUM
decidim < 0.27.7 - Stored Cross-Site Scripting in Admin Activity Log
CVSS 6.8
CVE-2024-8661 MEDIUM
Concrete CMS <9.3.3, <8.5.19 - Stored XSS
CVSS 4.8
CVE-2024-46970 LOW
JetBrains IntelliJ IDEA < 2024.1.0 - HTML Injection via Project Name
CVSS 3.3
CVE-2024-8776 MEDIUM
intumit smartrobot_firmware < 7.1.0 - Unauthenticated Reflected Cross-Site Scripting via Page Parameter
CVSS 6.1
CVE-2024-44059 MEDIUM
Custom Query Blocks <= 5.3.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2024-44058 MEDIUM
CryoutCreations Parabola <= 2.4.1 - Stored Cross-Site Scripting
CVSS 6.5
Details
Vulnerabilities 45,461
Exploit Likelihood High